Hello Guys,
we have some trouble with our 1570R Gateways connected as ClusterXL HA and sync Port.
We have the following setup:
Because of technical issues, we have not been able to connect the snyc port directly.
So the Sync goes over the Access Level on Cisco Switches, with a special VLAN, dedicated to the sync IPs.
The VLAN is routed on the Core.
Our Problem is, that when one firewall crashes(power outtage or restart) the HA seems to work, but the Produciton Line dont comes up. Until one of the member gets restarted manually.
So the problem seems to be, that the Hirschmann devices dont use the new route over the new active member when the other one is not reachable anymore. When the restart is done the firewalls go back to the old member state, but the Hirschmanns are keeping the old route.
SO we lose the connection to the production line, until we manually redo the state change and the old route is working again.
My question now:
whats wrong? how can we solve this issue?
Is it because we are using the sync port over the cisco level?
The Sync ports have a dedicated connecton to the cisco switches, and dedicated vlan/subnet
Can someone provide helpful input? Would be nice.
Possibly worth testing Virtual MAC mode for the Cluster:
Otherwise more information is required...
Which version/build are the Gateways - R80.20.35 (992002577) ?
Anything interesting in the logs from the gateways?
Do the switches have g-arp disabled?
What are the routes / default gateways pointed at for their next-hop?
Do you have the switches ARP/Mac table outputs from a failure scenario that you can analyze?
| User | Count |
|---|---|
| 25 | |
| 22 | |
| 19 | |
| 12 | |
| 11 | |
| 9 | |
| 8 | |
| 6 | |
| 6 | |
| 6 |
Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsMon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
